Continuing to fight comment spam (also new BE theme inside!)

Topics: Themes
Apr 2, 2010 at 5:12 PM

So as many of us already know, BE.NET attracts a lot of comment spam (a whole lot, I've been averaging nearly 40 a day).  Lately I've been trying to find ways to manage that so that I don't have delete spam on a daily basis.  I've tried a few new things which I blogged about and so far they seem to be working.  I've forked my changes (thank you CP for switching to Hg, too bad it isn't Git though) and so if you guys want to pull some of them over you can review the code.

The main change involves adding a hidden text field that is designed to be a spambot trap.  I stole the idea, but basically if a bot enters anything into the field the javascript validation will fail and it will not submit the comment. 

I am also trying to make it harder for bots to search for my site by removing or changing certain phrases that are being used by spam bots to search for BE.NET sites and locate comment pages they include things like:

  • "powered by blogengine"
  • "Powered by BlogEngine.NET 1.6.0.0"
  • "Will show your Gravatar" + "ups"
  • "Notify me when new comments are added"

and several variations of those.  It will probably take a couple more weeks before that has an effect on the search rank of my site though.

In order to retain a "powered by" link I created a little BE.NET icon instead.  You can see this in my LucisFerre theme that I have committed to my fork or on my site.

Which brings me to the second thing.  I am donating my custom theme to the community.  It is included on my fork under LucisFerre.  It's just a simple theme that is based off the default theme.  I only ask that you retain the author line and link at the bottom, but I'm not enforcing that, so if you feel you need to remove it for whatever reason, whatever.  Ben please feel free to include it in the next release if you like it.  I will be working on a new custom theme for my site (just so I can stay original ;-)).

So the question is, is it working?  Well as far as I can tell (it has only been four days), smashingly.  Since adding the spam trap over 4 days ago I have received about the same about of spam I was getting in a single day before and not a single spam message has gotten through the spam filters *crosses fingers*.  I will need to test it for at least another week or so, but the results are clear enough that I wanted to share it with the community and see if others want to try it out so we have more data.

Obviously targeted spam bots will be able to be adapted to this, but spammer tend to be lazy luddite technophobes trying to make monnies from home and my guess is most bots get woefully out of date.  Though there is still more we can do to confuse them, so while this won't stop all spam it will significantly reduce the volume so that the filters can do their jobs more effectively.  There is a big difference between one to two messages getting through a week vs per day. 

I may also try to write an OpenID authentication feature in the near future.

 

 

Apr 2, 2010 at 5:33 PM

I cannot find the download link for your theme, thank you.

Apr 2, 2010 at 5:54 PM
Edited Apr 2, 2010 at 7:10 PM

There is no download link, you can pull down the code for the theme off my fork.  Actually I always just compile my whole site from source and upload it so I have not actually tried packaging the theme, but here is the folder, give it a shot:

http://github.com/downloads/lucisferre/Graphite/LucisFerre.zip

Oh, I should mention I put the blogengine image in the root pics folder so you can just download it from my site:

http://www.lucisferre.net/pics/benlogo80.gif